Fix for CVE-2017-7976 (#1443898)

jbig2dec-int_overflows.patch

@@ -53,3 +53,18 @@ index 4acaba9..36225cb 100644
                      jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride,
                                  size - jbig2_huffman_offset(hs));
                      jbig2_image_release(ctx, image);
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 1ae614e..bddb3cd 100644
+--- a/jbig2_image.c
++++ b/jbig2_image.c
+@@ -256,7 +256,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+     /* general OR case */
+     s = ss;
+     d = dd = dst->data + y * dst->stride + leftbyte;
+-    if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
++    if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride ||
++      s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) {
+         return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
+     }
+     if (leftbyte == rightbyte) {

jbig2dec.spec

@@ -1,6 +1,6 @@
 Name:           jbig2dec
 Version:        0.13
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A decoder implementation of the JBIG2 image compression format 
 
 Group:          System Environment/Libraries
@@ -87,6 +87,9 @@ rm -f %{buildroot}%{_libdir}/*.la
 
 
 %changelog
+* Thu May 11 2017 Pavel Zhukov <landgraf@fedoraproject.org> - 0.13.4
+- Add fix for CVE-2017-7976 (#1443898)
+
 * Wed May  3 2017 Pavel Zhukov <pzhukov@redhat.com> - 0.13-3
 - Prevent segserv due to int overflow (#1443898)